renehaentjens
12-09-2003, 04:42 AM
In search_function.php (1.6.5) there is an urldecode in lines 80 and 90. I'm almost sure that these should be taken out. The web server does the urldecode for you...
The calls are harmless in 99.999% of the cases, but it is possible to construct a very artificial example where things go wrong.
You need a site where pages can contain words that contain two hex digits, for example 'E9X1', 'E9X2' etc.
Then, when you search with a query_string = % E 9 X (words begin) and find more hits than fit on one page, the first page of search results is OK (% is ignored as word separator) but you'll lose the rest when navigating to the second page of the search results.
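Added example, not part of the original post and not PhpDig code: a sketch of how a second urldecode changes a search term that PHP has already decoded once. The helper names, the tokenizer and the sample request are assumptions made for illustration; only the `query_string` parameter and the `%E9X` term come from the post.

```php
<?php
// Added example, not PhpDig code. Helper names and the tokenizer are hypothetical.

// PHP percent-decodes the query string once while filling $_GET;
// parse_str() applies the same decoding to a raw query string.
function request_params(string $rawQuery): array
{
    parse_str($rawQuery, $params);
    return $params;
}

// Hypothetical tokenizer: every byte outside [A-Za-z0-9] separates words.
function words(string $s): array
{
    return preg_split('/[^A-Za-z0-9]+/', $s, -1, PREG_SPLIT_NO_EMPTY);
}

// Constructed request: the user typed "%E9X", the browser sent "%25E9X".
$raw = 'query_string=%25E9X';

$once  = request_params($raw)['query_string']; // "%E9X", what the user typed
$twice = urldecode($once);                     // "%E9" collapses into byte 0xE9

// Show the raw bytes, the resulting search words, and the link a
// results page would build for the next page from each value.
foreach (['decoded once' => $once, 'decoded twice' => $twice] as $label => $value) {
    printf(
        "%-14s bytes=%s words=%s next-page=?query_string=%s\n",
        $label,
        bin2hex($value),
        implode(',', words($value)),
        urlencode($value)
    );
}
```

The value decoded once survives a urlencode round trip into the next-page link unchanged; the value decoded twice produces a different link and a different word list.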